Comment 21 for bug 794112
Revision history for this message
| Dominic Gross (domgross) wrote Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client | #21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
demo site
(Get the code!)
> The Kernel posted by Chris allows, (with console login), the user to unlock the
> screensaver
Well, this seems to fix the original bug reported here. Which is that nobody can log in using LDAP / Kerberos once a ticket of one signed in user expired.
> but applications, such like web browser, remains stuck and the session has to
> be restarted in order to work properly.
This looks like the intended behavior to me. The user's Kerberos Ticket expires some time after log in. At that point the applications can no longer access the user's NFS home directory and the applications get stuck or crash. Once a user enters his / her password again a new ticket is granted and the user can log into the session /access the home directory again. However, in my experience few applications fully recover from not being able to access the home directory for a longer time.
So, it seems to me, that in order to fix this remaining issue one needs to set up something to automatically renew Kerberos Tickets. This can be implemented either via a cronjob or packages like kstart or sssd.